mailing list archives
Information Security Mag: Vendor Control and Software Security
From: Gary McGraw <gem () cigital com>
Date: Tue, 5 Feb 2013 20:12:20 -0500
My monthly column [in]security is sometimes published as part of Information Security Magazine. That's what happened
with this column I wrote way back in December. It is appearing in the Feb/Mar issue of ISM.
And here it is on the intarwebs. This article suggests combining at least two measurements: 1) process measurement
with vBSIMM and 2) application measurement with binary, static, or hybrid analysis. This article begins to explain to
the general security practitioner (think network security person) how that all works:
Please read this and pass it on. I am interested in hearing your thoughts.
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
- Information Security Mag: Vendor Control and Software Security Gary McGraw (Feb 07)